kassner / log-parser

PHP Web Server Log Parser Library
Apache License 2.0

Fatal error when POST is not uppercase #48

Closed maidentaiwan closed 4 years ago

maidentaiwan commented 4 years ago

This real-life Apache log entry caused log-parser to crash on parse():

62.210.177.12 - - [05/Apr/2020:06:58:22 -0400] "post /wp-json/trx_addons/v2/get/sc_layout?sc=wp_insert_user&role=administrator&user_login=ndvtzaifnz&user_pass=6Wlh6SA0RT HTTP/1.1" 301 800 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"

When post is changed to POST, log-parser works fine.

(I'm guessing that this log entry was produced by a WordPress hacking attempt.)

kassner commented 4 years ago

RFC 2636 § 5.1.1 defines the method as case-sensitive, so POST and post aren't the same method. If you want to parse this anyway, you can overwrite the %r:

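use Kassner\LogParser\LogParser;
$parser = new LogParser();
// Override %r so the method token matches any letters, not only uppercase.
$parser->addPattern('%r', '(?P<request>(?:(?:[A-Za-z]+) .+? HTTP/(1\.0|1\.1|2\.0))|-|)');
// Set the format only after the pattern override.
$parser->setFormat('%h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"');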

The trick is to call setFormat after addPattern; otherwise it will still fail.
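An added example, not part of this thread or of log-parser itself: a standalone triage pass that accepts the permissive method token from the override above but flags off-case methods and keeps unparseable lines for review instead of aborting. The regex, the function and constant names, and the sample lines are assumptions made for illustration.

```php
<?php
// Added example, not code from kassner/log-parser.
// COMBINED_RE, STANDARD_METHODS and triageLine() are hypothetical names.

// Combined log format with a permissive method token ([A-Za-z]+), as in the
// %r override above, so a lowercase method still parses instead of failing.
const COMBINED_RE = '/^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    . '"(?P<method>[A-Za-z]+) (?P<path>\S+) HTTP\/(?P<version>1\.0|1\.1|2\.0)" '
    . '(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$/';

// Methods are case-sensitive, so only these exact uppercase tokens are standard.
const STANDARD_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'TRACE', 'PATCH'];

function triageLine(string $line): array
{
    if (!preg_match(COMBINED_RE, $line, $m)) {
        // Keep unparseable lines for review rather than aborting the whole run.
        return ['parsed' => false, 'flag' => 'unparseable', 'raw' => $line];
    }
    $flag = null;
    if (!in_array($m['method'], STANDARD_METHODS, true)) {
        // "post" lands here: same letters as POST, but not the same method.
        $flag = in_array(strtoupper($m['method']), STANDARD_METHODS, true)
            ? 'nonstandard-method-case'
            : 'unknown-method';
    }
    return [
        'parsed' => true,
        'flag'   => $flag,
        'host'   => $m['host'],
        'method' => $m['method'],
        'path'   => $m['path'],
        'status' => (int) $m['status'],
    ];
}

// Constructed sample lines (documentation IP range, made-up paths).
$lines = [
    '203.0.113.7 - - [05/Apr/2020:06:58:22 -0400] "post /example/endpoint?x=1 HTTP/1.1" 301 800 "-" "ExampleAgent/1.0"',
    '203.0.113.8 - - [05/Apr/2020:06:58:23 -0400] "GET /index.html HTTP/1.1" 200 512 "-" "ExampleAgent/1.0"',
    '203.0.113.9 - - [05/Apr/2020:06:58:24 -0400] "\x16\x03\x01" 400 226 "-" "-"',
];

foreach ($lines as $line) {
    $r = triageLine($line);
    printf("%-24s %s\n", $r['flag'] ?? 'ok', $r['parsed'] ? "{$r['method']} {$r['path']}" : $r['raw']);
}
```

Lines flagged `nonstandard-method-case` are worth a closer look, since ordinary browsers and HTTP libraries emit method names in uppercase.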